public static bool CreateRole(string role, string aStoreName) { bool success = false; try { AzAuthorizationStore store = new AzAuthorizationStore(); string storeLocation = AzManReader.GetAuthStoreLocation(aStoreName); string roleName = "_" + role; //4 = AZ_AZSTORE_FLAG_BATCH_UPDATE store.Initialize(4, storeLocation, null); foreach (IAzApplication3 application in store.Applications) { //Create a new role definition IAzRoleDefinition newRole = application.CreateRoleDefinition(roleName); //Create a new role assignment IAzRoleAssignment newRoleAssignment = application.CreateRoleAssignment(roleName); newRole.Submit(); newRoleAssignment.AddRoleDefinition(roleName); newRoleAssignment.Submit(); application.Submit(); } success = true; } catch (COMException ce) { if (ce.ErrorCode.Equals(-2147024713)) { MessageBox.Show(null, "Role already exist in this application.", "Role already exist"); } else { MessageBox.Show(null, ce.Message + "\n" + ce.ErrorCode.ToString(), "COMException occurred"); } } catch (Exception ex) { if (ex is UnauthorizedAccessException) { MessageBox.Show("Access denied to " + aStoreName + "AuthStore.xml. Maybe it is read-only?", "", MessageBoxButtons.OK); } else { MessageBox.Show("Could not create role. Maybe it already exists?", "", MessageBoxButtons.OK); } success = false; } return(success); }
private static void MergeStores(string fromStoreLocation, string toStoreLocation) { LogEntry entry = new LogEntry(); entry.Severity = TraceEventType.Verbose; entry.Priority = -1; if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Merging authorization stores.\nFrom Store = \"{0}\"\nTo Store = \"{1}\"...", fromStoreLocation, toStoreLocation); Logger.Write(entry); } try { AzAuthorizationStore fromStore = new AzAuthorizationStore(); fromStore.Initialize(0, fromStoreLocation, null); AzAuthorizationStore toStore = new AzAuthorizationStore(); toStore.Initialize(AZ_AZSTORE_FLAG_BATCH_UPDATE, toStoreLocation, null); foreach (IAzApplication3 fromApplication in fromStore.Applications) { IAzApplication3 toApplication = (IAzApplication3)((IAzAuthorizationStore3)toStore).OpenApplication2(fromApplication.Name, null); var operationsDictionary = new Dictionary <string, IAzOperation>(); int nextOperationId = 0; foreach (IAzOperation toOperation in toApplication.Operations) { operationsDictionary.Add(toOperation.Name, toOperation); nextOperationId = Math.Max(nextOperationId, toOperation.OperationID); } foreach (IAzOperation fromOperation in fromApplication.Operations) { IAzOperation toOperation = null; if (operationsDictionary.ContainsKey(fromOperation.Name)) { toOperation = operationsDictionary[fromOperation.Name]; } else { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding new Operation \"{0}\"...", fromOperation.Name); Logger.Write(entry); } toOperation = toApplication.CreateOperation(fromOperation.Name); nextOperationId++; toOperation.OperationID = nextOperationId; } toOperation.Description = fromOperation.Description; toOperation.Submit(); } var tasksDictionary = new Dictionary <string, IAzTask>(); foreach (IAzTask toTask in toApplication.Tasks) { tasksDictionary.Add(toTask.Name, toTask); } foreach (IAzTask fromTask in fromApplication.Tasks) { IAzTask toTask = null; if (tasksDictionary.ContainsKey(fromTask.Name)) { toTask = tasksDictionary[fromTask.Name]; } else { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding new Task \"{0}\"...", fromTask.Name); Logger.Write(entry); } toTask = toApplication.CreateTask(fromTask.Name); } toTask.IsRoleDefinition = fromTask.IsRoleDefinition; toTask.Description = fromTask.Description; foreach (string taskOperation in fromTask.Operations) { if (!((object[])toTask.Operations).Contains(taskOperation)) { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding Operation \"{0}\" to Task \"{1}\"...", taskOperation, toTask.Name); Logger.Write(entry); } toTask.AddOperation(taskOperation); } } toTask.Submit(); } var rolesDictionary = new Dictionary <string, IAzRoleDefinition>(); foreach (IAzRoleDefinition toRole in toApplication.RoleDefinitions) { rolesDictionary.Add(toRole.Name, toRole); } foreach (IAzRoleDefinition fromRole in fromApplication.RoleDefinitions) { IAzRoleDefinition toRole = null; if (rolesDictionary.ContainsKey(fromRole.Name)) { toRole = rolesDictionary[fromRole.Name]; } else { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding new Role Definition \"{0}\"...", fromRole.Name); Logger.Write(entry); } toRole = toApplication.CreateRoleDefinition(fromRole.Name); } toRole.Description = toRole.Description; foreach (string roleOperation in fromRole.Operations) { if (!((object[])toRole.Operations).Contains(roleOperation)) { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding Operation \"{0}\" to Role Definition \"{1}\"...", roleOperation, toRole.Name); Logger.Write(entry); } toRole.AddOperation(roleOperation); } } foreach (string roleTask in fromRole.Tasks) { if (!((object[])toRole.Tasks).Contains(roleTask)) { if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Adding Task \"{0}\" to Role Definition \"{1}\"...", roleTask, toRole.Name); Logger.Write(entry); } toRole.AddTask(roleTask); } } toRole.Submit(); } } if (Logger.ShouldLog(entry)) { entry.Message = string.Format("Submitting changes..."); Logger.Write(entry); } toStore.Submit(); } catch (Exception ex) { AuthorizationException authException = new AuthorizationException(string.Format("Failed to merge authorization stores.\nFrom Store = \"{0}\"\nTo Store = \"{1}\"\n", fromStoreLocation, toStoreLocation), ex); entry.Severity = TraceEventType.Error; if (Logger.ShouldLog(entry)) { entry.Message = authException.ToString(); Logger.Write(entry); } throw authException; } }